Creating communication sites using Fiddler

Some SharePoint developers are still not familiar with how valuable Fiddler can be when developing applications. Some also would depend on other tools like Postman to get the job done, and others would find it hard to work with Fiddler and SharePoint at the same time​​ due to not being able to get authenticated to SharePoint from Fiddler. I’ll use this post to show the steps on how to use Fiddler with SharePoint online as well as show​​ the steps​​ to create communication sites using REST from Fiddler.​​ 

Obviously, first thing to do is to get Fiddler if you don’t have it already, you can get it​​ here.​​ The left pane in Fiddler is where network traffic is shown. Whenever you make a request or any program on your computer makes a request to any external server, Fiddler acts as a proxy and all traffic is passed through Fiddler as long as it’s running on your computer. You can notice that if you go to your internet options > Connections​​ tab >​​ Lan Settings, you’ll see something like this:​​ 



So now we know that Fiddler acts as a proxy and all network traffic is passed through it as long as it’s running. You can see all the traffic for your computer in the left pane in Fiddler.​​ On the right side, we have bunch of tabs, the only 2 we care about for now are the​​ Inspector​​ and​​ Composer​​ tabs.​​ Double-clicking on any​​ request will open the Inspector tab for you to see the Request (the top area), and the response (the bottom area). We’ll use the inspector tab first to get the cookies used to authenticate to our SharePoint online, later when we get the information about our cookies, we’ll use the Composer tab to make a request to post data to SharePoint to create a new communication site.​​ 


Let’s now get the cookies that are used to authenticate to SharePoint. Make sure you’re tracking capturing traffic​​ (remember all traffic info will appear in the left pane). To​​ verify that, click on the File tab and make sure that “Capture Traffic” is checked:​​ 




Next, open a SharePoint site in your Office 365 tenant, you’ll notice that Fiddler is going to capture that request:​​ 



Double-Click on that entry in Fiddler, and go to the Response section (the bottom right section in Fiddler) and click on the Headers tab:​​ 



You’ll notice​​ you have 2 cookies,​​ FedAuth, and​​ rtFa. Right click on the first one, and select​​ copy value only:​​ 



Open notepad, type​​ Cookies:​​ then paste what you copied, so you should have something like:​​ 


Cookies:​​ {CopiedValue}

Copy the second cookie value in Fiddler, then​​ in notepad​​ write​​ ;​​ afterwards​​ and paste the second value, so the full string you should​​ have​​ is:​​ 


Cookies: {FirstCopiedValue};{SecondCopiedValue}

Copy the whole text in notepad, and open the Composer tab in Fiddler, you’ll find it in the top right section. Change the HTTP request type to​​ POST​​ and paste the URL of your site in the next field and append​​ /_api/contextinfo,​​ then paste the string you had in notepad inside the Headers text area, so the composer tab should look like this:​​ 



Remember that the Cookie: … is the text you have as a result of what we did in notepad earlier when we captured the first request to our site. Again, it should be like this: Cookies: {firstCookieValue};{secondCookieValue}


Now click on​​ Execute, you’ll see that Fiddler captured the request in the list of requests on the left side.​​ Dobule-click on the request entry, you’ll see in the bottom right side (the response area)​​ in the​​ XML​​ tab there’s an entry for FormDigestValue:​​ 


Right click on this value and select​​ Copy, and head back to the Composer tab​​ where you were working, below the Cookies entry add this:​​ 

X-RequestDigest: {ValueofRequestDigest}​​ 

Change the URL to {YourSite}/_api/sitepages/communicationsite/create

So far you should have something like this:​​ 



So far so good! Now we have the Request Digest, we can make Post requests to SharePoint (Remember, you can make Get requests to SharePoint using only the Cookie entry without having to use X-RequestDigest. We only use X-RequestDigest to POST new data to SharePoint).​​ 

So, we got the Request Digest, what data do we need to POST to SharePoint? As we changed the URL to /_api/sitepages/communicationsite/create , that’s the end point to create new communication sites, so we’ll need to provide the info for this site in the request body (the bottom text area in Fiddler as shown in the previous image). Type this:​​ 



"Description": "Site created from Fiddler",​​ 
"Title":"Communcation from Fiddler",


Try hitting Execute now, you’ll see an error in Fiddler on the left side:​​ 

It will tell you that you need to add a Content-Type in the header which we didn’t do, let’s add that, so go back to the Composer tab, and add the content type header as:​​ 

Content-Type: application/json;odata=verbose



Now hit​​ Execute​​ and you’ll see that you’ll get an entry in the requests area in the left pane with a result of 200, which means that the request was successful, if you navigate to the site specified in the Url in the request body, you’ll see that it’s created and it’s based on the Topic site design.​​ 

Note if you need to create an empty communication site or if you want to create one based on the showcase site design, you’ll need to add the SiteDesignId to the request body like this:​​ 


"request": {
"__metadata": {
"type": "SP.Publishing.CommunicationSiteCreationRequest"

"Description": "Site created from Fiddler",
"Title": "Communcation from Fiddler",
"Url": "https://yourtenant/sites/CommFromFiddler",
"SiteDesignId": "f6cc5403-0d63-442e-96c0-285923709ffc"


The above snippet will create an empty communication site. Showcase site design ID =​​ 6142d2a0-63a5-4ba0-aede-d9fefca2c767 .. and omitting the SiteDesignId will create a topic communication site.​​ 


An error you might face making a request to SharePoint is:​​ 

The type of data at position 5 is different than the one expected.


If you see this, make sure the request body you have is surrounded by curly braces { } not starting right away with​​ “request” : ..


I hope this was useful for you and you learned something new! Happy SharePointing!​​ 

External Sharing Report In SharePoint Online

Hello readers! This is a short blog post to share with you a PowerShell script that would be helpful for Office 365 admins in order to know who shared content in SharePoint Online. This script will create a .csv file with a list for each site collection that has content shared outside of the organization, as well as the name of the person with access to your environment, his email, the date when he accessed your environment the first time as well as who invited him to your environment.

Here’s a link to the script on codeplex. Hope this helps someone out there when he’s asked to do a such a report!

Root Site Collection Features Missing in SharePoint Online

When working with SharePoint online, you may think that the features and the way SharePoint is administered is similar to the way it’s administered on-premises, but there are some cases that may be tricky. One of these cases is once you create get your SharePoint online site up and running, you open the root site collection at the Url: and you do some work, then you’d like to save your team site as a template.. but the option is not there.

You may even face this problem when trying to:

  • Change themes.
  • Add content editor web part,
  • Deploy Sandbox solutions
  • Use SharePoint designer to style that site collection!

These are some major functionalities that you would want to use in your Office 365, but you can’t, and then you’ll start being frustrated about how SharePoint Online is limiting you from doing the work you’re supposed to do and you’ll start to embrace the on-premises way again!

But, it’s not a problem with Office 365, it’s actually a security feature in Office 365 for custom scripts, which means that it helps the global administrator for Office 365 to secure his sites from scripts being used here and there.

The scripting functionality is disabled in the root site collection by default, that’s why when you create another site collection under a managed path, scripting will be enabled and you’ll be able to use SharePoint Designer and other functionalities with no differences from the on-premises part, while the scripting is disabled, you’ll get this message when opening SharePoint Designer for the root site collection:




To enable scripting in Office 365, you should go to SharePoint administration center > Settings > Custom Script, as shown below:



To enable scripting for the root site collection, you should enable it for self-service created sites.

Hope this helps someone out there!

Focused Inbox and Office 365 Emails

Microsoft introduced a feature called Clutter, that will route emails that don't seem important to the user to another folder called​​ Other. This was a good approach to help users focus on emails that would be important to them, and they can check the​​ Other​​ folder later on, however, users needed to visit another folder in order to see emails. That's why Microsoft introduced​​ Focused/Other​​ filters.


Now in Office 365, emails will have 2 filter tabs,​​ Focused​​ and Other. Important emails are going to appear in the​​ Focused​​ tab, and​​ other​​ emails will appear the other tab clearly. Now a lot of questions might come up when using these features, so let's review some of them:​​ 


  • How can a user control what emails appear in​​ other​​ and what emails appear in​​ focused​​ tab?​​ 

There are algorithms that teach the application what emails are good enough to appear in the​​ Focused​​ tab, so once a user moves an email from the​​ Other​​ tab to the​​ Focused​​ tab, Outlook will know that this email source is important for the user, and it'll make sure to make upcoming emails from this source appear in the​​ Focused​​ tab.


  • Can a user disable​​ this whole functionality in his Outlook application?

Yes, you can do so by selecting the filter dropdown beside the tabs, and unchecking the option to "Show Focused Inbox", as​​ shown in​​ the image below:​​ 

Focused Other 
Next: No events for the ne 
V All 
Raed Ibrahim mentioned y 
Raed Ibrahim: Hey @Moha 
Last week 
Changes coming to Power 
Find the version that's best f 
Microsoft Online Se 
To me 
Sort by 
Show as 
V Show Focused Inbox 
View your Office 365 Ente



Now let's have a look at this scenario, let's say you're working on a project inside SharePoint online, and one of your colleagues mentions you in the newsfeed inside that project portal, like the following image:​​ 


Newsfeed (9) 
Raed Ibrahim 
Hello @Mohamed D«halli I am excited to start on this project What's the plan? 
A few seconds ago Like Reply


You're going to receive an email from:​​,​​ ​​ But .. That email is going to appear only under the​​ Other​​ tab, and here's the catch, you won't receive notifications for emails that appear under the​​ Other​​ tab. By notifications I mean, you won't get notified when you're working in Office 365 that you received a new email:​​ 


? Mohamed Dernalli 
Nothing new right now


Remember that the newsfeed web part only sends emails when you're mentioned.​​ 


So how do you solve this? You can't just ask each employee to disable the​​ Focused​​ functionality. You have 2 options in this case, either tell Exchange Online to route all emails from to the​​ Focused​​ tab, or you can just disable the​​ Focused​​ inbox functionality on the tenancy level. Here's how we can do that:​​ 



Go to your Office 365 Exchange admin center, and from the left navigation, click "mail flow". Click the + sign to add a new rule:​​ 


compliance management 
mail flow 
public folders 
unified messaging 
Create a new rule... 
Apply rights protection to messages... 
ere are no Iti 
Apply disclaimers... 
Bypass spam filtering... 
Filter messages by size.. 
Generate an incident report when sensitive information is detected... 
Modify messages... 
Restrict managers and their direct reports... 
Restrict messages by sender or recipient... 
Send messages to a moderator... 
Send messages and save a copy for review...



A new window will appear, that looks like this:​​ 


new rule 
*Apply this rule if... 
Select one 
*Do the following„. 
Select one 
Properties of this rule: 
Audit this rule with severity level: 
Not specified 
Choose a mode for this rule: 
@ Enforce 
Test with Policy Tips 
Test without Policy Tips 
More options... 
Riahts Manaaement Services (RMS) is a premium feature that requires an Enterorise Client Access License (CAL) or a RMS 





Give the rule a name, let's say: "Other to Focused Emails Routing", then choose "The recipient address includes…" and click "Enter words…" and add the address you want to appear under​​ Focused​​ tab for all users, in this case, then click the + sign and hit​​ OK.​​ 



specify words or phrases 




Then go all the way down and click​​ "More options…":​​ ​​ 


new rule 
*Apply this rule if... 
Select one 
*Do the following„. 
Select one 
Properties of this rule: 
Audit this rule with severity level: 
Not specified 
Choose a mode for this rule: 
@ Enforce 
Test with Policy Tips 
Test without Policy Tips 
More options... 
Riahts Manaaement Services (RMS) is a premium feature that requires an Enterorise Client Access License (CAL) or a RMS 



In the "Do the following…" dropdown list, choose:​​ Modify the message properties > set ​​ a message header


the following„. 
Select one 
Select one 
Forward the message for approval.„ 
Redirect the message to.„ 
Block the message„. 
Add recipients„. 
Apply a disclaimer to the message... 
Modify the message properties.„ 
Modify the message security„. 
Prepend the subject of the message with.„ 
Notify the sender with a Policy Tip... 
Generate incident report and send it to„. 
Notify the recipient with a message.. 
remove a message header 
set a message header 
apply a message classification 
set the spam confidence level (SCL)




Set the header to:​​ X-MS-Exchange-Organization-BypassFocusedInbox​​ ​​ and the value to​​ true.​​ So the final result should be:​​ 


new rule 
Other to Focused Emails Routing 
*Apply this rule if... 
The recipient address includes„. 
add condition 
*Do the following„. 
Set the message header to this value.. 
add action 
Except if... 
add exception 
Properties of this rule: 
Audit this rule with severity level: 
Not specified 
A for this 
Set the message header 'X-MS-Exchange-Organization- 
BypassFocusedInbOx' to the value •Enter text 



Click save, and that's it. You can wait for a couple of minutes, and then test it. Upcoming emails will be delivered to the​​ Focused​​ tab, and you will receive notifications.




The other option would be to disable the​​ Focused​​ inbox functionality for all users in the tenancy, which leaves you with PowerShell. Once you connect to Exchange Online using PowerShell, you can run the following 2 commands:​​ 



Set-OrganizationConfig -FocusedInboxOn $false



I prefer doing the first​​ approach, and just routing the important emails to users'​​ Focused​​ tab, and give them the freedom to have it if they need.​​